Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2012
Global Payment Systems Compromised In 'Massive' Breach
Quick Hits  |  3/31/2012  | 
Vulnerable records at Visa, MasterCard could be in the millions due to unauthorized access
IT's Hottest 'Necessary Evil'
News  |  3/30/2012  | 
While IT security pros may still find themselves defending their roles, they're also in a good spot when it comes to compensation, with a median base salary bump for staffs up a tidy $7,000 this year, according to the new InformationWeek 2012 U.S. IT Salary Survey: Security
Forensic Approach To Mobile App Vulnerability Research
Commentary  |  3/30/2012  | 
Intro to a unique approach for vulnerability research on mobile apps using traditional PC forensic tools
Lesson From Pwn2Own: Focus On Exploitability
News  |  3/29/2012  | 
Talented programmers can create attack code quickly, suggesting that firms need to focus on patching easily exploitable -- not just exploited -- flaws
Google Big Tent: Regulation Vs. Personal Responsibility
Commentary  |  3/29/2012  | 
Society should embrace the touch-the-stove approach when it comes to online common sense, explains 14-year-old Adora Svitak, author of no less than three books and advocate of techno-youth empowerment, at a Google event on Web regulation.
It's (Already) Baaack: Kelihos Botnet Rebounds With New Variant
News  |  3/29/2012  | 
Botnet hunters debate whether Kelihos/Hlux operators can reclaim rescued bots
How To Choose Endpoint Protection
News  |  3/29/2012  | 
Don't fret about malware detection. Focus on user interactions, performance, and management.
Congress Proposes FISMA Overhaul
News  |  3/29/2012  | 
Amendments would update the 2002 law for today's federal IT environment, transfer cybersecurity oversight from Homeland Security to OMB.
YouTube Tool Blurs Faces To Protect Privacy
News  |  3/29/2012  | 
YouTube plans to give video makers an easy way to blur faces to protect the privacy of people who don't want to appear in online videos.
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/29/2012  | 
FTC privacy proposal has been both lauded and criticized, but also triggered talk on the impact on retailers, nonprofits, and online advertisers.
China Hacked RSA, U.S. Official Says
Quick Hits  |  3/29/2012  | 
And RSA official responds to Gen. Keith Alexander's telling Congress this week that Chinese attackers were behind the SecurID breach last year
Someone Left The Keys In Your Compliance System
Commentary  |  3/29/2012  | 
Information security is at the mercy of your entire staff's habits
Security Pros Worry Most About Mobile Threats, But Most Have No Way To Detect Them
Quick Hits  |  3/29/2012  | 
Many enterprises have no good way to identify mobile vulnerabilities, Tenable report says
Cybercrime's Love Affair With Havij Spells SQL Injection Trouble
News  |  3/28/2012  | 
Automated SQL injection attack tool makes database extraction as easy as a button click for cybercriminals
Will New FTC Privacy Recommendations Challenge E-Commerce?
News  |  3/28/2012  | 
Privacy recommendations from the FTC have been both lauded and criticized, but also triggered talk on the impact of changing attitudes toward privacy
Deja Vu: Reincarnated Botnet Struck Down
News  |  3/28/2012  | 
Researchers at Kaspersky Lab, CrowdStrike, and Dell SecureWorks intercept bots from infamous spamming botnet -- but this time without the help of Microsoft and its legal team
A Single 'Pain' Of Glass?
Commentary  |  3/27/2012  | 
Is the often-pitched 'single pane of glass' a benefit to security monitoring tools or yet another point of contention?
Malware To Increasingly Abuse DNS?
News  |  3/27/2012  | 
Many companies do not scrutinize their domain-name service traffic, leaving an opening for malware to communicate using the protocol
Risk And Regulatory Overload
Quick Hits  |  3/27/2012  | 
New study finds organizations worried about risk and compliance, but struggling to manage it all
Data Breach Lawsuits Less Likely In Hacks
News  |  3/27/2012  | 
Individuals whose personal data is exposed in a data breach more likely to sue if the victim organization mishandled their data, researchers find
NSA Chief: China Behind RSA Attacks
News  |  3/27/2012  | 
Chinese steal a "great deal" of military-related intellectual property, and were responsible for last year's attacks on cybersecurity company RSA, Gen. Keith Alexander tells Senators.
Zetta Launches SMB Cloud Storage Platform
News  |  3/27/2012  | 
DataProtect 3.0 handles data protection, archiving, and disaster recovery in small and midsized businesses.
Apple Rejects Apps Over Privacy Concerns
News  |  3/27/2012  | 
Escalating crackdown begins on apps that use UDID numbers to try and identify unique devices.
LulzSec Reborn Claims Military Dating Site Hack
News  |  3/27/2012  | 
Hacktivists exposed details of 170,000 people on militarysingles.com, as the LulzSec reboot appears to be gaining steam.
Command Injection Attacks, Automated Password Guessing On The Rise
Quick Hits  |  3/27/2012  | 
Spam, vulnerabilities, exploit code all on the decline, IBM X-Force report says
Vetting The Security Of Cloud Service Providers
News  |  3/26/2012  | 
A registry offered by the Cloud Security Alliance allows customers to compare the security measures of participating service providers. Is that enough to make cloud more secure?
FTP Ubiquitous And Dangerously Noncompliant
News  |  3/26/2012  | 
Its ease of use and prevalence notwithstanding, old-fashioned FTP introduces compliance and security risks
Microsoft, Financial Partners Seize Servers Used In Zeus Botnets
News  |  3/26/2012  | 
Most Zeus operations still untouched, but a noticeable dip in Zeus botnet activity spotted by one botnet-monitoring organization
Google Chrome Extensions: 6 Security Facts
News  |  3/26/2012  | 
Malicious Chrome extensions, once they have a toehold on your computer, can wreak havoc via your browser. Understand the security implications.
White House Sets Cybersecurity Priorities
News  |  3/26/2012  | 
Agencies should focus on safer Internet connections, continuous monitoring of systems, and authentication, says cybersecurity chief.
Microsoft Leads Zeus Botnet Server Shutdown
News  |  3/26/2012  | 
Microsoft, U.S. Marshals, and financial industry agents raid two Zeus botnet server farms that stole more than $100 million and infected 13 million PCs with malware.
Robot Jellyfish May Be Underwater Spy Of Future
News  |  3/23/2012  | 
Jellyfish-like robot, developed with Navy funds, refuels itself with hydrogen and oxygen extracted from the sea. The goal: Perpetual ocean surveillance.
Minimizing The Attack Surface Area A Key To Security
News  |  3/23/2012  | 
While many security experts lament the death of the network perimeter, the concept of attack surface area is still very much alive
Choosing The Right Vulnerability Scanner For Your Organization
Quick Hits  |  3/23/2012  | 
Vulnerability scanning plays a key role in both security administration and compliance. But which tools are right for you? Here are some tips on how to decide
Facebook's Privacy Two-Step On Passwords, Employers
Commentary  |  3/23/2012  | 
Facebook says sharing your password with a potential employer violates its rules. But will Facebook enforce this rule, when it still doesn't confirm user ages?
Compliance In An Age Of Mobility
News  |  3/23/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility.
Megaupload Host Wants To Delete Data
News  |  3/23/2012  | 
Movie industry association wants data retained indefinitely, but hosting company says it's too expensive. Meanwhile, questions rise over why Anonymous launched retaliatory attack--and who paid for it.
Compliance In An Age Of Mobility
News  |  3/22/2012  | 
Regulated companies put compliance efforts in jeopardy unless they address mobility
Fake Caller ID Attacks On The Rise
Quick Hits  |  3/22/2012  | 
"Vishing" attacks increased by 52 percent in the second half of last year
StopTheHacker Website Security Suite Adds 10 Hosting Partners Globally
News  |  3/22/2012  | 
Security solutions are now distributed in six additional countries
Technology Cannot Solve All Your People Problems
Commentary  |  3/22/2012  | 
Too many in business assume compliance is primarily a technology issue
Keep Your Friends Close, Especially If They Are Anonymous
Commentary  |  3/22/2012  | 
Sabu's traitorous ways remind us of the sage advice to keep your friends close and your enemies closer
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
News  |  3/22/2012  | 
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
Fun With REMnux -- And New Malware Analysis Book
Commentary  |  3/22/2012  | 
"Practical Malware Analysis" provides in-depth knowledge on malware analysis and includes useful lab exercises. We take REMnux for a spin with the labs
When Hackers Want Much More Than Money
News  |  3/22/2012  | 
Insider attack data breaches are down in 2011, but hacktivist attacks, with motives beyond money, are up, reports Verizon 2012 Data Breach Investigations Report.
New Botnet Emanates From Republic Of Georgia, Researchers Say
Quick Hits  |  3/21/2012  | 
Win32/Georbot steals documents, hides from anti-malware scanners
$1.5M Fine Marks A New Era In HITECH Enforcement
News  |  3/21/2012  | 
Data breach at BlueCross BlueShield of Tennessee, and subsequent penalty, stands as example of financial fallout from poor healthcare IT security practices
Duqu Alive And Well: New Variant Found In Iran
News  |  3/21/2012  | 
Researchers at Symantec dissect part of new, retooled version of the reconnaissance-gathering malware
Microsoft Donates Software To Protect Exploited Children
News  |  3/21/2012  | 
Microsoft will offer its PhotoDNA software to law enforcement free of charge to help investigators track down verified child porn.
Firefox Takes Privacy Lead With HTTPS By Default
News  |  3/21/2012  | 
Firefox users soon won't have to worry about their browsers betraying their search queries.